Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Archc0n 2016 - Doctor's Orders: Cybersecurity p...

Archc0n 2016 - Doctor's Orders: Cybersecurity programs need an intervention

We don’t need to read Threatbutt’s "2016 Danger Zone Incident Report" to understand that we are getting our asses handed to us. To make matters worse, pundits shout down from their ivory towers that breached organizations should have “done the basics.” Doctors prescribe the basics as well: maintain a healthy weight, eat fruits and vegetables, and exercise five times a week. Does that mean these basics are easy for us to do? No of course not. In this keynote, Rick will use personal health analogies to explain why our cyber security programs are in desperate need of an intervention and what we can do about it.

Rick Holland

August 26, 2016
Tweet

More Decks by Rick Holland

Other Decks in Technology

Transcript

  1. 3 “I’m prepping to survive an EMP detonation that will

    wipe out our nation’s transportation system.”
  2. 12

  3. 13

  4. 14

  5. 16

  6. 19

  7. 23

  8. 25

  9. 26

  10. 28 “Strength does not come from winning. Your struggles develop

    your strengths. When you go through hardships and decide not to surrender, that is strength.”
  11. 29

  12. 30

  13. 32

  14. 36 Mayo Clinic 1.  Treatments and drugs 2.  Lifestyle 3. 

    Alternative medicine 4.  Coping and support
  15. 39

  16. 40 The global deception technology market will generate revenue over

    $1 billion by 2020 Source: Technavio market research company
  17. 41 2017 priority list 1.  Deception technology 2.  Machine learning

    (whatever that means) 3.  Multi factor authentication on public facing services 4.  Remove local admin rights from all users 5.  Recruiting
  18. 42 2017 priority list 1.  Deception technology 2.  Machine learning

    (whatever that means) 3.  Multi factor authentication on public facing services 4.  Remove local admin rights from all users 5.  Recruiting
  19. 45 “The first thing I'm doing is I'm catching the

    sight lines and looking for an exit.”
  20. 50

  21. 51

  22. 53 The Hand of the CISO ‣  Organizations need a

    dedicated strategy function ‣  Unencumbered by operational responsibilities (fire drills)
  23. 54 Strategy function ‣  Embed with functional roles within the

    organization ‣  Optimize people, process and technology ‣  Facilitate an incubator program
  24. 55

  25. 58 The Hand of the CISO can focus on lines

    of business to translate their security needs. @rickhholland
  26. 71 These problems won’t fix themselves “I've never done this

    before either, and I ain't starting now. You brought 'er here, that means you give her the shot.”
  27. 73 Next week 1.  Find out what your organization’s 2017

    plans are 2.  Find a way to be proactive within your circle of control 3.  Moratorium on investment, assess capabilities 4.  Try some burnt ends